Extracted

Extracted

• • Target

    a45d909888a93495322d0459b9cd376d50449ecebc63422eafde0a2490b76356

  • Size

    522KB

  • MD5

    32b975ac67bd8ea9093281bcf4cd0976

  • SHA1

    bfcdf6e23f42c748a1e632322a6f14a0a4bcca1f

  • SHA256

    a45d909888a93495322d0459b9cd376d50449ecebc63422eafde0a2490b76356

  • SHA512

    d2f4a6713f65cea562a888549d1d8ed3f8e2f52cc0d163ac0b8b1550e5e029d9257f52627e0e46133aa0336ce56acbef09c8f11530c93e461882de6c4a0c72d1

  • SSDEEP

    12288:1MrJy90NlzGX8XGkGUk8P449+zWdwLfvA2XMoEl:UyQGk7FPR9Hdvccl

  Score

  10^/10

  redlinerosnsporadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1